CARP (from the English Common Address Redundancy Protocol ) is a network protocol whose main task is to use a single IP address by several hosts within a network segment.
| CARP | |
|---|---|
| Title | Common address redundancy protocol |
| Level ( OSI model ) | 3 (network) |
| Family | TCP / IP |
| Created in | 2003 |
| Protocol Purpose | IP address distribution across multiple hosts |
| Developer | |
CARP is a free, secure (to the extent that one can talk about the security of the ARP protocol) alternative to the VRRP and HSRP protocols. CARP allows you to select a group of hosts in a network segment and assign it a single IP address. Such a group is called a “redundancy group”. Within this group, one of the hosts becomes “primary”, and the rest are designated as “backup”. At each point in time, the master host responds to ARP requests to the assigned IP address and processes the traffic going to this address. Each host can belong to several groups at the same time.
One common use case for CARP is to create redundancy on firewalls . The virtual IP address that is assigned to the redundancy group is specified on the client machines as the default gateway. In the event of a failure of the firewall acting as a master, the backup firewall will take this IP address and continue servicing clients. The CARP design requires members of the same group to be physically on the same subnet with the same static IP address, although with the introduction of the carpdev directive there is no need to assign an address to the physical interface. Services that require a permanent connection to the server (such as SSH and IRC ) cannot be transparently transferred in the event of a failure and will require reconnection. CARP cannot sync data between applications. To solve this problem, additional mechanisms can be used to synchronize the state of firewalls, for example, pfsync .
CARP also supports load balancing through ARP balancing. When hosts combined in a CARP group receive an ARP request, the outgoing IP address is used to determine which host will respond. In this case, the host selected as the main one for the virtual group will respond, and the rest will ignore the request. The linked servers will accept various ARP responses and subsequent traffic will be balanced between the servers. In case of failure of one of the hosts in the CARP group, one of the remaining ones will intercept the virtual MAC address and will respond to ARP requests. ARP balancing only works in the local segment. It is not possible when using an intermediate router, since the router will forward data to the same host.
Creation History
In the late 90s, the IETF began working on a protocol for redundant routers . In 1997, Cisco announced that they had already patented a similar protocol (HSRP). However, the IETF continued to work on the VRRP protocol. As VRRP resolved HSRP issues, Cisco began using VRRP, claiming it was their property.
Because of the HSRP patent, it was not possible to develop a free implementation of VRRP, so the OpenBSD programmers started developing CARP as an alternative to the patented VRRP. To avoid legal action over the HSRP patent, the developers ensured that CARP was significantly different from HSRP. The protocol development was completed by the OpenBSD project team in October 2003 , and OpenBSD 3.5 [2] became the first operating system with CARP support. Later, protocol support appeared in FreeBSD (under the name "ucarp") and NetBSD , and then in DragonFlyBSD .